Fitness tracking app reveals staff activity at military bases.

Strava's "heatmap" raised security concerns by exposing the exercise habits of military personnel throughout bases worldwide.

Strava, a San Francisco-based company that offers an online fitness tracker, has released a “heatmap” showcasing exercise activity of its users all around the world.

The app records exercise activity by utilizing a cell phone’s GPS or through collecting data from fitness devices like FitBit or Jawbone. Subscribers can track their own performance and compare their results with others.

Strava’s heatmap is a form of data visualization that showcases the activity of its 27 million worldwide users, according to the company. The latest version includes data collected from 2015 to November 2017, which is when the map was released.

The newest version, Strava said, was built from one billion activities and three trillion data points that covers over 27 billion kilometers of distance ran, biked or swum.

Nathan Ruser, a 20-year-old Australian university student studying international security, said he was browsing a cartography blog when he came across the heatmap.

Ruser, who also works with the Institute for United Conflict Analysts, quickly made the connection as to why the heatmap was lighting up the structure of military bases around the world.

He said he realized that a large amount of active duty military personnel had been publicly sharing their location data through the app. Therefore, they were allowing their regular exercise routes and movement inside and around the bases to be highlighted – which is a security concern.

“I just looked at it and thought, ‘oh hell, this should not be here – this is not good,”

Ruser said.

“I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed.”

“Someone would have noticed at some point. I just happened to be the person who made the connection.

Though the location of the world’s military bases are well-known, the heatmap provides insight into which bases are being used and the habitual routes taken by military personnel.

The level of activity is defined by the intensity of the light on the heatmap. And, the heatmap doesn’t just show exercise routes – it includes location data both inside and outside the base walls. For example, the heatmap may be exposing a well-used patrol road.

“You can establish a pattern of life,”

Ruser said.

Bases that are most affected are those in remote areas. The activities of a single personnel can light up the heatmap, allowing it to stand out as an isolated “hotspot.” Location data from exercise activities are prominent in Syria, Yemen, Niger, Afghanistan and Djibouti.

In addition to military personnel, aid workers and NGO staffers in remote areas may also be affected.

Privacy is an option in Strava’s app. Users have the capability to opt out of data collection for the heatmap – even for activities shared publicly – or to set up “privacy zones” in certain locations.

The key, however, is that users must manually opt out. Journalist Rose Spinks expressed concern in an article for Quartz last year about the privacy system.

“’If you don’t like something, you can opt out of it’ is something we hear a lot in the consumer-facing tech world,”

Spinks wrote.

“The problem with this attitude is that it puts the onus on consumers to ensure they’re being respected and lets companies off the hook – the assumption being that they can bank on a good number of users being too lazy, confused or negligent to opt out.”

“And, in cases where privacy is a concern, it can be downright dangerous.”

Strava released a statement saying that the heatmap data had been “anonymized,” and it “excludes activities that have been marked as private and user-defined privacy zones.”

The U.S. military has been examining the heatmap, a spokesman said. Maj Audricia Harris, a spokeswoman for the U.S. Department of Defense, said the department takes

“matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required.”

Recommended reviews

Expert score

New Balance Fresh Foam Tempo Review

The Fresh Foam Tempo is a refreshing and worthy replacement for the Fresh Foam ... (Read expert review)
Expert score

Reebok Nano X Review

The Reebok Nano X is the top training shoe this year. It'll see you through ... (Read expert review)
Expert score

Saucony Cohesion 13 Review

The Saucony Cohesion 13 is a great, budget friendly running shoe that ticks ... (Read expert review)
Expert score

Brooks Glycerin 18 Review

The Brooks Glycerin is a high cushion daily trainer that is made for any ... (Read expert review)
Expert score

Mizuno Wave Horizon 4 Review

Mizuno Wave Horizon 4 is completely redone for a simpler, sleeker shoe that ... (Read expert review)
Expert score

New Balance 860 v10 Review

The New Balance 860 V10 belongs in the toolbox of a runner needing some ... (Read expert review)

This web site uses cookies. Click Accept to continue. Review Our Cookie Policy

On these and other websites owned by RSG Media BV we use cookies and other similar techniques.

We place and use different types of cookies for the following purposes:

Functional cookies:
To make our websites work as intended.

Analytical cookies:
To collect and analyze statistics to improve the experience on our websites and the effectiveness of advertisements.

Tracking cookies:
To build personal profiles of you so that we can show you targeted content and advertisements that match your interests.

Social cookies:
To allow you to share your reaction through 'likes' or commentary.

In addition, third parties (which are partly outside the EU) can place cookies on our websites, including tracking cookies that can also be used to build up a profile of you. Tracking cookies may have an impact on your privacy.

By giving your consent below, you agree that we place and read cookies on all our websites (see this overview) and combine these collected data.

Your consent remains valid for 6 months unless you withdraw it.